IN THE HOUSE OF REPRESENTATIVES

September 5, 1973

Mr. Goldwater introduced the following bill; which was referred to the Committee on the Judiciary

A BILL

To provide standards of fair personal information practices.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. This Act may be cited as the “Code of Fair Information Practices of 1973”.


FINDINGS AND DECLARATION OF PURPOSE

Sec. 2. (a) The Congress finds—

(1) that an individual’s personal privacy is directly affected by the kind of disclosure and use made of identifiable information about him in a record;

(2) that a record containing information about an individual in identifiable form must be governed by procedures that afford the individual a right to participate in deciding what the content of the record will be, and what disclosure and use will be made of the identifiable information in it;

(3) that any recording, disclosure, and use of identifiable personal information by an organization not governed by such procedures must be proscribed as an unfair information practice unless such recording, disclosure, or use is specifically authorized by Federal statute.

(b) The purpose of this Act is to insure safeguards for personal privacy from recordkeeping organizations by adherence to the following principles of information practice:

(1) There must be no personal data recordkeeping systems whose very existence is secret.

(2) There must be a way for an individual to find out what information about him is in a record and how it is used.

(3) There must be a way for an individual to prevent information about him obtained for one purpose from being used or made available for other purposes without his consent.

(4) There must be a way for an individual to correct or amend a record of identifiable information about him.

(5) Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take reasonable precautions to prevent misuse of the data.

(6) Deviations from these principles should be permitted only if it is clear that some significant interest of the individual data subject will be served or if some paramount societal interest can be clearly demonstrated. No deviation should be permitted except as specifically provided by statute.

DEFINITIONS

Sec. 3. For the purposes of this Act—

(a) The term “automated personal data system” means a collection of records containing personal data that can be associated with identifiable individuals, and that are stored, in whole or in part, in computer-accessible files.

(b) The term “data that can be associated with identifiable individuals” means that by some specific identification, such as a name or social security number, or because they include personal characteristics, it is possible to identify an individual with reasonable certainty.

(c) The term “personal data” includes all data that describes anything about an individual, such as identifying characteristics, measurements, test scores; that evidence things done by or to an individual such as records of financial transactions, medical treatment, or other services; or that afford a clear basis for inferring personal characteristics or things done by or to an individual, such as the mere record of his presence in a place, attendance at a meeting, or admission to some type of service institution.

(d) The term “computer accessible” means recorded on magnetic tape, magnetic disk, magnetic drum, punched card, or optically scannable paper or film.

(e) The term “data system” includes all processing operations, from initial collection of data through all uses of the data, including outputs from the system. Data recorded on questionnaires, or stored in microfilm archives, are considered part of a data system, even when the computer-accessible files themselves do not contain identifying information.

(f) The term “organization” means any Federal agency; the courts of the United States; the government of the District of Columbia; any public or private corporation, partnership, agency, or association which operates an administrative automated personal data system, or a statistical-reporting and research automated personal data system; and which is supported in whole or in part by Federal funds, Federal systems, or federally supported systems, or which directly or indirectly makes use of any means or instruments of transportation or communications in interstate commerce, or of the mails, or which carries or causes to be carried in the mails or interstate commerce, or by any other means or instruments of transportation any personal data; and any organization which maintains a record of individually identifiable personal data which it does not maintain as part of an administrative or as a statistical-reporting and research automated personal data system and which transfers such data to one of the above organizations in interstate commerce.

(g) The term “administrative personal data system” means one that maintains data on individuals for the purpose of affecting them directly as individuals; and for making determinations relating to their qualifications, character, rights, opportunities, or benefits.

(h) The term “statistical-reporting or research system” means one that maintains data about individuals exclusively for statistical reporting or research and is not intended to be used to affect any individual directly.

(i) The term “unfair personal information practice” means a failure to comply with any safeguard requirements of this Act.

(j) The term “data subject” means the individual whose name or identity is added to or maintained on an automated personal data system or a statistical-reporting or research system.

SAFEGUARD REQUIREMENTS FOR ADMINISTRATIVE PERSONAL DATA SYSTEMS

Sec. 4. (a) GENERAL REQUIREMENTS.—(1) Any organization maintaining a record of individually identifiable personal data, which it does not maintain as part of an administrative automated personal data system, shall make no transfer of any such data to another organization, without the prior informed consent of the individual to whom the data pertain, if, as a consequence of the transfer, such data will become part of an administrative automated personal data system that is not subject to these safeguard requirements.

(2) Any organization maintaining an administrative automated personal data system shall—

(A) identify one person immediately responsible for the system, and make any other organizational arrangements that are necessary to assure continuing attention to the fulfillment of these safeguard requirements;

(B) take affirmative action to inform each of its employees having any responsibility or function in the design, development, operation, or maintenance of the system, or the use of any data contained therein, about all these safeguard requirements and all the rules and procedures of the organization designed to assure compliance with them, and the nature of such action shall be supplied upon the reasonable request of a data subject;

(C) specify penalties to be applied to any employee who initiates or otherwise contributes to any disciplinary or other punitive action against any individual who brings to the attention of appropriate authorities, the press, or any member of the public, evidence of unfair personal information practice;

(D) take reasonable precautions to protect data in the system from any anticipated threats or hazards to the security of the system;

(E) make no transfer of individually identifiable personal data to another system without (i) specifying requirements for security of the data, including limitations on access thereto, and (ii) determining that the conditions of the transfer provide substantial assurance that those requirements and limitations will be observed—except in instances when an individual specifically requests that data about him be transferred to another system or organization;

(F) maintain a complete and accurate record of every access to and use made of any data in the system, including the identity of all persons and organizations to which access has been given;

(G) maintain data in the system with which such accuracy, completeness, timeliness, and pertinence as is necessary to assure accuracy and fairness in any determination relating to an individual’s qualifications, character, rights, opportunities, or benefits, that may be made on the basis of such data.

(b) Any organization maintaining an administrative automated personal data system that publicly disseminates statistical reports or research findings based on personal data drawn from the system, or from systems of other organizations, shall—

(1) make such data publicly available for independent analysis, on reasonable terms; and

(2) take reasonable precautions to assure that no data made available for independent analysis will be used in a way that might reasonably be expected to prejudice judgments about any individual data subject’s character, qualifications, rights, opportunities, or benefits.

(c) PUBLIC NOTICE REQUIREMENT.—Any organization maintaining an administrative automated personal data system shall give public notice of the existence and character of its system once each year, in the case of Federal organizations in the Federal Register, or in the case of other organizations, in a media likely to bring attention to the evidence of the records to the data subject. Any organization maintaining more than one system shall publish such annual notices for all its systems simultaneously. Any organization proposing to establish a new system, or to enlarge an existing system, shall give public notice long enough in advance of the initiation or enlargement of the system to assure individuals who may be affected by its operation a reasonable opportunity to comment. The public notice shall specify:

(1) The name of the system.

(2) The nature and purpose(s) of the system.

(3) The categories and number of persons on whom data are (to be) maintained.

(4) The categories of data (to be) maintained, indicating which categories are (to be) stored in computer-accessible files.

(5) The organization’s policies and practices regarding data storage, duration of retention of data, and disposal thereof.

(6) The categories of data sources.

(7) A description of all types of use (to be) made of data, indicating those involving computer-accessible files, and including all classes of users and the organizational relationships among them.

(8) The procedures whereby an individual can (A) be informed if he is the subject of data in the systems; (B) gain access to such data; and (C) contest their accuracy, completeness, timeliness, pertinence, and the necessity for retaining it.

(9) The procedures whereby an individual, group, or organization can gain access to data used for statistical reporting or research in order to subject such data to independent analysis.

(10) The title, name, and address of the person immediately responsible for the system.

(11) A description of the penalties to be applied to any employee who initiates or otherwise contributes to any disciplinary or other punitive action against any individual who brings attention to any evidence of unfair information practices.


(d) RIGHTS OF INDIVIDUAL DATA SUBJECTS.—Any organization maintaining an administrative automated personal data system shall—

(1) inform an individual asked to supply personal data for the system whether he is legally required, or may refuse, to supply the data requested, and also of any specific consequences for him, which are known to the organization, of providing or not providing such data;

(2) upon request and proper identification of any data subject, clearly and accurately disclose to the data subject, in a form comprehensible to him—

(A) all data about the data subject;

(B) the sources of the information;

(C) the recipients of any transfer, report, dissemination, or use of data about the data subject, including the identity of all persons and organizations involved and their relationship to the system;

(3) comply with the following minimum conditions of disclosure to data subjects—

(A) an organization shall make the disclosures required under subsection 4(d)(2) during normal business hours;

(B) the disclosures required under section 4(d)(2) shall be made to the data subject (i) in person if he appears in person and furnishes proper identification; the data subject is entitled to personal, visual inspection of data about him; or (ii) by telephone if he has made a written request, with proper identification; telephone disclosures are to be made without charge to the data subject; and (iii) by mail if he has made a written request, with proper identification; and (iv) by providing a copy of his file, if requested, at a charge not to exceed 10 cents per page;

(C) the data subject shall be permitted to be accompanied by one person of his choosing, who shall furnish reasonable identification. An organization may require the data subject to furnish a written statement granting permission to the organization to discuss the data subject’s file in such person’s presence;

(D) subsection 4(d)(2) disclosure, shall not apply to subject files that are (i) directly related to international relations or international subversive activities, or (ii) active criminal investigatory data, except active criminal investigatory data which has been maintained for a period longer than reasonably necessary to bring indictment, ‘sioriion: or to commence prosecution.

(4) assure that no use of individually identifiable data is made that is not within the stated purposes of the system as reasonably understood by the individual, unless, in the case of each use of such data, the informed consent of the individual has been obtained in writing;

(5) assure that no data about an individual is made available from the system in response to a demand for data made by means of compulsory legal process, unless the individual to whom the data pertain has been notified of the demand; and

(6) if the completeness, accuracy, pertinence, timeliness, or necessity for retaining the data in the system is disputed by the data subject and the dispute is directly conveyed to the organization by the data subject, the following minimum procedures shall be followed:

(A) The organization shall within a reasonable period of time investigate and record the current status of that data unless it has reasonable grounds to believe that the dispute by the data subject is frivolous or irrelevant.

(B) If, after such investigation, such data is found to be inaccurate or can no longer be verified, the organization shall promptly delete such data.

(C) The presence of contradictory information in the data subject’s file does not in and of itself constitute reasonable grounds for believing the dispute is frivolous or irrelevant.

(D) If the investigation does not resolve the dispute, the data subject may file a brief statement setting forth the nature of the dispute; the organization may limit such statements to not more than one hundred words if the organization provides the data subject with assistance in writing a clear summary of the dispute.

(E) Whenever a statement of a dispute is filed, unless there are reasonable grounds to believe that it is frivolous or irrelevant, the organization shall, in any subsequent transfer, report, or dissemination of the data in question, clearly note that it is disputed by the data subject and provide either the data subject’s statement or a clear and accurate summary thereof.

(F) Following any deletion of data which is found to be inaccurate or whose accuracy can no longer be verified or any notation as to disputed data, the organization shall, at the request of the data subject, furnish notification that the item has been deleted, or a statement, or summary, which contains the deleted or disputed information to any person specifically designated by the data subject.

(G) The organization shall clearly and conspicuously disclose to the data subject his rights to make such a request.
SAFEGUARD REQUIREMENTS FOR STATISTICAL-REPORTING AND RESEARCH SYSTEMS

Sec. 5. (a) GENERAL REQUIREMENTS.—(1) Any organization maintaining a record of personal data, which it
system used exclusively for statistical-reporting or research, shall make no transfer of any such data to another organization without prior informed consent of the individual to whom the data pertain, if, as a consequence of the transfer, such data will become part of an automated personal data system that is not subject to these safeguard requirements or the safeguard requirements for administrative personal data systems.

(2) Any organization maintaining an automated personal data system used exclusively for statistical-reporting or research shall—

(A) identify one person immediately responsible for the system, and make any other organizational arrangements that are necessary to assure continuing attention to the fulfillment of the safeguard requirements;

(B) take affirmative action to inform each of its employees having any responsibility or function in the design, development, operation, or maintenance of the system, or the use of any data contained therein, about all the safeguard requirements and all the rules and procedures of the organization designed to assure compliance with them;

(C) specify penalties to be applied to any employee who initiates or otherwise contributes to any disciplinary or other punitive action against any individual who brings to the attention of appropriate authorities, the press, or any member of the public, evidence of unfair personal information practice;

(D) take reasonable precautions to protect data in the system from any anticipated threats or hazards to the security of the system;

(E) make no transfer of individually identifiable personal data to another system without (i) specifying requirements for security of the data, including limitations on access thereto, and (ii) determining that the conditions of the transfer provide substantial assurance that those requirements and limitations will be observed—except in instances when each of the individuals about whom data is to be transferred has given his prior informed consent to the transfer; and

(F) have the capacity to make fully documented data readily available for independent analysis.

(b) PUBLIC NOTICE REQUIREMENT.—Any organization maintaining an automated personal data system used exclusively for statistical-reporting or research shall give public notice of the existence and character of its system once each year, in the case of Federal organizations in the Federal Register, or in the case of other organizations, in a media likely to bring attention to the existence of the records to the data subject. Any organization maintaining more than one such system shall publish annual notices for all its systems simultaneously. Any organization proposing to establish a new system, or to enlarge an existing system, shall give public notice long enough in advance of the initiation or enlargement of the system to assure individuals who may be affected by its operation a reasonable opportunity to comment. The public notice shall specify—

(1) the name of the system;

(2) the nature and purpose(s) of the system;

(3) the categories and number of persons on whom data are (to be) maintained;

(4) the categories of data (to be) maintained, indicating which categories are (to be) stored in computer-accessible files;

(5) the organization’s policies and practices regarding data storage, duration of retention of data, and disposal thereof;

(6) the categories of data sources;

(7) a description of all types of use (to be) made of data, indicating those involving computer-accessible files, and including all classes of users and the organizational relationships among them;

(8) the procedures whereby an individual, group, or organization can gain access to data for independent analysis;

(9) the title, name, and address of the person immediately responsible for the system;

(10) a statement of the system’s provisions for data confidentiality and the legal basis for them.


(c) RIGHTS OF INDIVIDUAL DATA SUBJECTS.—Any organization maintaining an automated personal data system used exclusively for statistical-reporting or research shall—

(1) inform an individual asked to supply personal data for the system whether he is legally required, or may refuse, to supply the data requested, and also of any specific consequences for him, which are known to the organization, of providing or not providing such data;

(2) assure that no use of individually identifiable data is made that is not within the stated purposes of the system as reasonably understood by the individual, unless, in the case of each use of such data, the informed consent of the individual has been explicitly obtained;

(3) assure that no data about an individual are made available from the system in response to a demand for data made by means of compulsory legal process, unless the individual to whom the data pertain—

(A) has been notified of the demand, and

(B) has been afforded full access to the data before they are made available in response to the demand.

ENFORCEMENT

Sec. 6. (a) INJUNCTIONS FOR COMPLIANCE.—Whenever it appears to the Attorney General of the United States that any organization has engaged, is engaged, or is about to engage in any acts or practices constituting an unfair personal information practice under this Code, he may by his own discretion bring an action, in the district court of the United States or the appropriate United States court of any territory or other place subject to the jurisdiction of the United States, to enjoin such acts or practices, and showing there is or is about to be such engagement, a permanent or temporary injunction or restraining order shall be granted without bond. Upon application of the Attorney General any such court may also issue injunctions commanding any organization to comply with any section of the Code. The court may grant as relief, as it deems appropriate, any permanent, or, temporary injunction, temporary restraining order, or other order, at the prayer of a data subject or class of data subjects.
(b) CIVIL LIABILITY FOR UNFAIR PERSONAL INFORMATION PRACTICE.—Any organization which commits an unfair personal information practice shall be liable in an amount equal to the sum of—

(1) any actual damages sustained by the data subject(s) as a result of the unfair practice, but not less than liquidated damages of $10,000; and

(2) such amount of punitive damages as the court may allow; and

(3) in the case of any successful action to enforce any liability under this section, the costs of the action together with reasonable attorney’s fees as determined by the court.

(c) CRIMINAL LIABILITY FOR UNFAIR PERSONAL INFORMATION PRACTICES BY FEDERAL OFFICERS OR EMPLOYEES.—Any officer or employee of any Federal agency, the courts of the United States, the governments of the territories or possessions of the United States, or the government of the District of Columbia who willingly or knowingly permits or causes to occur an unfair personal information practice shall be fined not more than $10,000 or imprisoned not more than one year or, suspended from employment without pay for not more than one year, or all three.

(d) JURISDICTION OF COURTS; LIMITATIONS OF ACTIONS.—An action to enforce any liability created under this Code may be brought in any appropriate United States district court without regard to the amount in controversy, or in any other court of competent jurisdiction, within two years from the date on which the liability arises, except where a defendant has materially and willfully failed to comply with the safeguards under this Code, the action may be brought at any time within two years after discovery by the individual data subject.
SEVERABILITY

Sec. 7. If any provision of this Code or the application thereof to any particular circumstance or situation is held invalid, the remainder of this Code, or the application of such provision to any other circumstance or situation shall not be affected thereby.

EFFECTIVE DATE

Sec. 8. This Code shall take effect one year after the date of its enactment.

STATE LAWS

Sec. 9. (a) No State law in effect on the date of passage of this Act or which may become effective thereafter shall be superseded by any provision of this Code except insofar as such State law is in conflict with this Code.

(b) The provisions of any State law or regulation in effect upon the effective date of this Act, or which may become effective thereafter, which provide for more stringent safeguard standards than do the provisions of this Code shall not thereby be construed or held to be in conflict with this Code. The provisions of any State law or regulation in effect upon the operative date of this Act, or which become effective thereafter, which provide for safeguard standards for which no provision is contained in this Code shall not be held to be in conflict with this Code.

FEDERAL AGENCY REGULATIONS

Sec. 10. (a) Each Federal agency shall, with the advice of the Attorney General of the United States pursuant to the Administrative Procedure Act, promulgate, adopt, and from time to time amend and administer comprehensive rules and regulations necessary to further the purposes of this Act for the internal activities of such agency and in a manner consistent with the safeguards specified herein.

(b) Notwithstanding any statute or regulation to the contrary, rules and regulations issued hereunder shall govern and control the collection, security, and dissemination of all automated personal data by each Federal agency.